Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method, comprising: under the control of one or more computer systems configured with executable instructions, receiving, from a requestor, a request to perform one or more operations using a cryptographic key lacked by the one or more computer systems prior to receipt of the request, the request including a uniform resource locator that: indicates the one or more operations; includes an electronic signature generated by a first entity based at least in part on a portion of the uniform resource locator and secret information inaccessible to the requestor; and includes the cryptographic key; making a determination whether the electronic signature is valid; on a condition that the determination indicates that the electronic signature is valid, using the cryptographic key from the request to perform the indicated one or more operations on data to generate a result of the one or more operations; providing the result of the one or more operations in accordance with the request; and after using the cryptographic key from the request to perform the indicated one or more operations on the data, performing one or more operations to lose access to the cryptographic key.
2. The computer-implemented method of claim 1 , wherein: the uniform resource locator further encodes a path that identifies the data; and using the cryptographic key to perform the indicated one or more operations includes using the encoded path to access the data.
3. The computer-implemented method of claim 1 , wherein at least some of the data is supplied by the requestor in the request.
4. The computer-implemented method of claim 1 , wherein: the portion of the uniform resource locator indicates an expiration; and using the cryptographic key to perform the indicated one or more operations is performed on a further condition that the request is received prior to the expiration.
5. The computer-implemented method of claim 1 , wherein: receiving the request is performed by a service provider; the first entity is a customer of the service provider; and the requestor is not a customer of the service provider.
6. The computer-implemented method of claim 1 , wherein using the cryptographic key to perform the indicated one or more operations is performed further on a condition that the request complies with one or more policies configured by the first entity.
7. The computer-implemented method of claim 1 , wherein: the request includes information added to an initial uniform resource locator generated by the first entity to generate the request; and the using the cryptographic key to perform the indicated one or more operations is based at least in part on the information added to the initial uniform resource locator.
8. The computer-implemented method of claim 1 , wherein: the uniform resource locator includes the cryptographic key in encrypted form; and the method further comprises decrypting the cryptographic key in encrypted form prior to using the cryptographic key to perform the indicated one or more operations.
9. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed by one or more processors of a computer system, cause the computer system to: generate first information that encodes a request and a cryptographic key; generate an electronic signature of information verifiable by a service provider capable of fulfilling the request, the electronic signature based at least in part on a portion of a uniform resource locator and secret information inaccessible to another computer system; and make available the first information and the electronic signature to enable the other computer system to provide the first information and electronic signature to the service provider to cause the service provider to use the cryptographic key to fulfill the request by at least: making a determination whether the electronic signature is valid; and on a condition that the determination indicates that the electronic signature is valid, using the cryptographic key to perform one or more operations on data to generate a result of the one or more operations; and after using the cryptographic key to perform the one or more operations on the data, performing one or more additional operations to lose access to the cryptographic key.
10. The non-transitory computer-readable storage medium of claim 9 , wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to generate the uniform resource locator to include the first information and the electronic signature.
11. The non-transitory computer-readable storage medium of claim 9 , wherein making available the first information and the electronic signature include providing a webpage configured with the uniform resource locator such that, selected, causes transmission of the request to the service provider that includes the information and electronic signature.
12. The non-transitory computer-readable storage medium of claim 11 , wherein the webpage is provided to the other computer system.
13. The non-transitory computer-readable storage medium of claim 9 , wherein: the first information further encodes an identifier of the data hosted by the service provider; and the request specifies the one or more operations to be performed in connection with the data.
14. The non-transitory computer-readable storage medium of claim 9 , wherein the first information encodes the cryptographic key in plaintext form.
15. The non-transitory computer-readable storage medium of claim 9 , wherein the first information encodes one or more conditions on submission of the request for the request to be fulfillable by the service provider.
16. The non-transitory computer-readable storage medium of claim 9 , wherein the first information encodes a manner of how the request is to be fulfilled, where the manner is from a plurality of manners by which the request is fulfillable.
17. A computer system, comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the computer system to: generate first information that encodes a request and a cryptographic key; generate an electronic signature of information verifiable by a service provider capable of fulfilling the request, the electronic signature based at least in part on a portion of a uniform resource locator and secret information inaccessible to another computer system; and make available the first information and the electronic signature to enable the other computer system to provide the first information and electronic signature to the service provider to cause the service provider to use the cryptographic key to fulfill the request by at least: making a determination whether the electronic signature is valid; and on a condition that the determination indicates that the electronic signature is valid, using the cryptographic key to perform one or more operations on data to generate a result of the one or more operations; and after using the cryptographic key to perform the one or more operations on the data, performing one or more additional operations to lose access to the cryptographic key.
18. The computer system of claim 17 , wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computer system to generate the uniform resource locator to include the first information and the electronic signature.
19. The computer system of claim 17 , wherein making available the first information and the electronic signature include providing a webpage configured with the uniform resource locator such that, selected, causes transmission of the request to the service provider that includes the information and electronic signature.
20. The computer system of claim 19 , wherein the webpage is provided to the other computer system.
21. The computer system of claim 17 , wherein: the first information further encodes an identifier of the data hosted by the service provider; and the request specifies the one or more operations to be performed in connection with the data.
22. The computer system of claim 17 , wherein the first information encodes the cryptographic key in plaintext form.
23. The computer system of claim 17 , wherein the first information encodes one or more conditions on submission of the request for the request to be fulfillable by the service provider.
24. The computer system of claim 17 , wherein the first information encodes a manner of how the request is to be fulfilled, where the manner is from a plurality of manners by which the request is fulfillable.
25. The computer system of claim 17 , wherein the secret information comprises a second cryptographic key different from the cryptographic key.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
September 25, 2013
January 12, 2016
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.